Andurin (@4ndur1n) - Twitter Profile
Andurin

@4ndur1n

IT-Security, Cyber Threat Analyst

ID: 810447050466791425

Joined: 18-12-2016 11:30:09

142 Tweet

101 Followers

156 Following

Frank Boldewin (@r3c0nst):

(1/7) How to debug a malicious .net dll using #DNSPY. Recently I got asked if it is possible to debug a malicious .net dll using DNSPY. Afaik there is no integrated debugger function for it, so here is my indirect approach. As an example I use the dll shown in the screenshot below.

Alexandre Dulaunoy @adulau@infosec.exchange (@adulau):

A huge thanks to Joseliyo for the work on automatically converting sigma rules into a MISP (@misp@misp-community.org) galaxy. I finally found the time to merge it into the default galaxies. The MISP galaxy will be updated at each release automatically. #threatintel github.com/jstnk9/MISP/pu…

Andurin (@4ndur1n):

Hey ATT&CK, why are there two different GH projects for nearly the same content? github.com/mitre/cti and github.com/mitre-attack/a… Why does attack-stix-data contain the "x_mitre_version" and cti doesn't?

Florian Roth ⚡️ (@cyb3rops):

For anyone asked to pay $$$ for a compromise assessment with the #3CX IOCs & YARA rules: you can use the free THOR Lite scanner to do the same. (It should even detect traces of the activity, like C2s in log files etc.; Sigma scanning only in the full version.) nextron-systems.com/thor-lite/

abuse.ch (@abuse_ch):

SERVICE UPDATE | Today, Twitter has revoked our access to their authentication API. The impact is that submissions to the abuse.ch platforms cannot be made. We are urgently working to find a different authentication method. Please bear with us - we'll update again.

Alex (@alexanderjaeger):

🕶️🧐👀🥷🥁 A new project by the Security Response team of Google: dfiq.org. It fills a gap I have seen for years, asking the same questions in similar investigations across analysts who might have different backgrounds and know-how. 🕶️🧐👀🥷🥁

sigma (@sigma_hq):

We're pleased to announce the launch of our new website.

Access resources, documentation, and community projects to enhance your experience with the Sigma Rule Standard.

Special thx to Αⅼех for the hard work!

Blog: medium.com/sigma-hq/intro…
Explore now: sigmahq.io

DCSO CyTec (@dcso_cytec):

#ShortAndMalicious Our researchers recently discovered an installer for the mandatory 🇷🇺 Russian tax filing software "Spravki BK" (Справки БК) which was backdoored with #KONNI malware, generally attributed to 🇰🇵 North Korean threat actors. 1/5

John Althouse (@4a4133):

I'm looking to contract someone who can convert JA4+ into Zeek scripts. Anyone know of any Zeek experts who could take on the effort?

DCSO CyTec (@dcso_cytec):

Our newest article provides a closer look at recent reporting on Volt Typhoon's "JDY" botnet management, which suggests that the threat actor uses Tor differently to what has been publicly documented so far. medium.com/@DCSO_CyTec/c4…

Scott Piper (@0xdabbad00):

CISA is requiring all Federal agencies to disconnect Ivanti products by Friday at midnight (Ivanti Connect Secure & Ivanti Policy Secure). This is roughly 48 hours' notice, not to patch, but to rip it out! Ivanti is an American company. This is unprecedented. cisa.gov/news-events/di…